An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriNormalizeSyntax.
Max CVSS
5.5
EPSS Score
0.12%
Published
2022-01-06
Updated
2022-02-05
An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriFreeUriMembers and uriMakeOwner.
Max CVSS
5.5
EPSS Score
0.12%
Published
2022-01-06
Updated
2022-02-05
Insufficient policy enforcement in extensions API in Google Chrome prior to 75.0.3770.80 allowed an attacker who convinced a user to install a malicious extension to bypass restrictions on file URIs via a crafted Chrome Extension.
Max CVSS
4.3
EPSS Score
0.60%
Published
2019-06-27
Updated
2022-04-18
Insufficient data validation in Blink in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
Max CVSS
6.5
EPSS Score
0.49%
Published
2019-06-27
Updated
2022-04-18
Insufficient policy enforcement in service workers in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
Max CVSS
5.8
EPSS Score
0.62%
Published
2019-06-27
Updated
2022-07-29
Integer overflow in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
Max CVSS
8.8
EPSS Score
3.03%
Published
2019-06-27
Updated
2022-10-11
Insufficient data validation in developer tools in Google Chrome on OS X prior to 74.0.3729.108 allowed a local attacker to execute arbitrary code via a crafted string copied to clipboard.
Max CVSS
7.8
EPSS Score
0.13%
Published
2019-06-27
Updated
2022-04-11
Uninitialized data in media in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted video file.
Max CVSS
6.5
EPSS Score
0.72%
Published
2019-06-27
Updated
2022-10-11
Heap buffer overflow in ANGLE in Google Chrome on Windows prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Max CVSS
8.8
EPSS Score
0.41%
Published
2019-06-27
Updated
2022-10-11
Process lifetime issue in Chrome in Google Chrome on Android prior to 74.0.3729.108 allowed a remote attacker to potentially persist an exploited process via a crafted HTML page.
Max CVSS
8.8
EPSS Score
0.68%
Published
2019-06-27
Updated
2022-10-11
Insufficient policy enforcement in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Max CVSS
6.5
EPSS Score
0.49%
Published
2019-06-27
Updated
2022-10-11
Use after free in V8 in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Max CVSS
8.8
EPSS Score
2.79%
Published
2019-06-27
Updated
2022-10-07
Incorrect handling of CORS in ServiceWorker in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass same origin policy via a crafted HTML page.
Max CVSS
8.8
EPSS Score
1.72%
Published
2019-06-27
Updated
2022-10-11
Information leak in autofill in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
Max CVSS
6.5
EPSS Score
0.72%
Published
2019-06-27
Updated
2022-10-11
Use after free in file chooser in Google Chrome prior to 74.0.3729.108 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page.
Max CVSS
8.8
EPSS Score
2.79%
Published
2019-06-27
Updated
2022-10-11
Use after free in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Max CVSS
8.8
EPSS Score
2.79%
Published
2019-06-27
Updated
2022-10-11
Object lifetime issue in V8 in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Max CVSS
8.8
EPSS Score
2.79%
Published
2019-06-27
Updated
2022-10-11
Integer overflow in ANGLE in Google Chrome on Windows prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Max CVSS
8.8
EPSS Score
3.90%
Published
2019-06-27
Updated
2022-10-11
Use-after-free in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
Max CVSS
6.5
EPSS Score
1.53%
Published
2019-06-27
Updated
2022-10-11
Incorrect command line processing in Chrome in Google Chrome prior to 73.0.3683.75 allowed a local attacker to perform domain spoofing via a crafted domain name.
Max CVSS
5.5
EPSS Score
0.04%
Published
2019-05-23
Updated
2022-10-11
Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.
Max CVSS
6.5
EPSS Score
0.19%
Published
2019-05-23
Updated
2022-10-11
Incorrect eliding of URLs in Omnibox in Google Chrome on iOS prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
Max CVSS
6.5
EPSS Score
0.20%
Published
2019-05-23
Updated
2022-10-11
Insufficient policy enforcement in Blink in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.
Max CVSS
6.5
EPSS Score
0.19%
Published
2019-05-23
Updated
2022-10-11
Incorrect inheritance of a new document's policy in Content Security Policy in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.
Max CVSS
6.5
EPSS Score
0.19%
Published
2019-05-23
Updated
2022-10-11
Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
Max CVSS
6.5
EPSS Score
1.80%
Published
2019-05-23
Updated
2022-10-11